
Financial Times website hijacked by pro-government hackers

May 17, 2013

The Financial Times website this afternoon was hijacked by pro-government hackers from a group that calls itself the 'Syrian Electronic Army'. The site and its Twitter account were both compromised to run stories headlined "The Syrian Electronic Army Was Here" and "Hacked by the Syrian Electronic Army".

And while all of this was happening, the Technology News, FT Media and FT Markets' Twitter feeds were seized by miscreants, who posted web links to disturbing YouTube videos of jihadis executing several men by a firing squad.

The website has since been cleaned up, but the Twitter accounts remain compromised. The attack is the latest in a series of high-profile hacking attacks against several media organizations by hackers apparently in favor of Syrian president Bashar al-Assad.

The so-called electronic army has knackered the online operations of The Guardian, Associated Press, the BBC and even satirical newspaper The Onion.

Tech geeks at The Onion published an informative postmortem after the attack, revealing that its email accounts were infiltrated following a multistage phishing expedition, a raid that gave the hackers control of the magazine's social networking pages.

The techniques used against the FT are unclear at the time of writing, while a full-fledged investigation is ongoing. Internet security firm Arbor Networks said Twitter's anticipated introduction of two-factor authentication ought to curtail, if not eliminate, this sort of account hijacking.

Dan Holden, director of research at Arbor, commented: "Twitter recently announced a few plans to introduce two factor authentication, which is a big step forward from a security perspective. As this particular event clearly demonstrates, the human element is often the weakest link in any security solution, and this is no exception."

"Given similar attacks in recent weeks against the Guardian in the United Kingdom and The Onion in U.S., these attacks seem to be very targeted. Organizations should put processes in place to ensure that their staff are trained on best practices and have the support and training needed to allow them to follow these practices easily during their normal working routine. Ideally, network monitoring solutions should also be put in place to alert an organization when a user system connects to a known bad actor on the internet as this may indicate a compromise, allowing remedial action to be taken before there is any business impact," he added.

In other internet security news

According to IT head hunter firm e-Skills, just seven percent of all computer and internet security professionals are aged between 20 and 29. e-Skills sees apprenticeships as a vital method of encouraging young students to work effectively in this critical IT segment of the industry and help reduce online threats that are constantly escalating in the enterprise segment.

The employment/consultancy firm is working with a number of British companies, including privatized defense scientists at QinetiQ, and engineers at British Telecom, IBM, Cassidian, the CREST Group and disability benefit assessors Atos.

The new initiative is an effort to develop nationally available degree-level apprenticeships in the field of computer and internet security.

Just like trade apprenticeships, these various positions will be offered with competitive salaries and will give young people a chance to build a strong and promising career while earning industry certification degrees.

Coordinated by the National Skills Academy for IT, the apprenticeships will be created later this year. The goal is to provide the sort of useful skills in demand from employers, while attracting women and other groups who are currently under-represented in the computer security industry.

Paul Thorby, technical and strategy director at QinetiQ and Chair of the employer group says: "QinetiQ is pleased to be driving this partnership with e-skills and other industry employers in the United Kingdom to shape new career development opportunities for our next generation of cyber professionals."

Specializing in defense technology, QinetiQ knows very well the risks of inadequate digital defense methods, having been repeatedly targeted by Chinese hackers over a three-year period.

"There are currently just a few structured routes for young people to enter the cyber security work sector," said Bob Nowill, director of cyber security at British Telecom.

"We are pleased to be contributing to this opportunity to proactively grow new talent which is directly aligned to the needs of industry," he added.

The new program will be supported by the U.K. Commission for Employment and Skills, a taxpayer-funded operation set up to offer the British government advice on skills and employment in the country.

In other internet security news

For more times than it probably cares to remember, China has been singled out by the United States and its allies as one of the biggest sources of internet hacking attacks. But amid all the anti-China rhetoric, has China been given an unfairly bad name in all of this?

At first blush, there's mounting evidence pinning the source of state-sponsored espionage activity on China. Verizon’s Data Breach Investigations Report – sourcing its data from law enforcement and security agencies across the globe – claims that about 96 percent of state-affiliated attacks came from China.

Then there's FireEye's Advanced Cyber Attack Landscape report, which reveals that 89 percent of all APT callback activities are associated with APT tools either made in China or closely associated with specific Chinese hacking groups.

Internet security consultancy Mandiant went further in a high profile February report, alleging a concrete link between notorious hacking group Comment Crew (aka APT) and the People's Liberation Army. Most recently, a Pentagon report issued last week claimed: "Numerous computer systems around the world, including those owned by the U.S. government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military."

Broadening the scope beyond state-sponsored internet attacks, the information security industry seems pretty much in agreement that China is a major attack source. Symantec’s latest global Internet Security Threat Report for 2013 claimed the country was the number one source of network attacks, accounting for almost 30 percent of the global number, and second behind the U.S. when it came to “malicious activity” in 2012.

And there's more. Spam blacklist service Composite Blocking List (CBL) deemed Chinese IP addresses the world's worst offenders, accounting for 22.5 percent of the global spam list.

The latest numbers from China's Computer Emergency Response Team (CN-CERT) reported that 1.4 million infected computers in the country were controlled by Trojans or botnets and over 1 million by the 2001 Conficker worm.

Then, Panda Internet Security earlier this year branded China as the most malware-ridden nation, claiming that 55 percent of its computers were infected in a very serious manner.

All of which paints China as a nasty country when it comes to internet security and hacker attacks. But one has to wonder: is it really 100 percent justified? The nature of the internet means that a large number of IP addresses fingered as attack sources or compromised computers and servers is not, in itself, evidence that attacks are actually being launched by actors from within China.

It is more accurately an indication that within that country exist a large number of vulnerable computers and perhaps inadequate law enforcement or industry self-regulation.

As a matter of fact, China always claims that it's a victim, not a perpetrator, of cyber attacks – many of which it says come from the U.S., so which is which?

The biggest hurdle that internet security researchers face today is explaining the true origin of an attack, says Fortinet’s global security strategist, Derek Manky.

Attacks can be routed through several compromised computers used as proxies all over the world – finding a command and control (C&C) server is definitely not an indication of an attack source. And IPs can easily be spoofed as well, adding another layer of insecurity to the whole picture.

“In some cases, it’s easy enough to trace back one hop but this is never enough because in some cases there are four or five hops and often they encrypt the traffic with VPNs,” Manky explained. “It means that you have to go to every related ISP in each different country, all of which may be subject to different legislation and law enforcement regimes, further complicating an issue that is already tough enough to manage.”

Manky argued that cyber criminals focus their efforts on China because of the larger numbers of potentially vulnerable PCs there and regulatory loopholes which allow unscrupulous domain registrars to continue operating under the radar. To be fair to China, however, both of these factors are also true of the United States.

“There are a lot of IP addresses in China and there are a lot of infected systems. Many are XP machines not even running Service Pack 2 so they’re low hanging fruit,” Manky said. “They’re infected and then brought under the control of operators outside of China – in the U.S., Latin America, Eastern Europe, etc. And then they are used as a platform which can be leased out by the criminal operator, wherever he or she might be.”

In order to be successful, this kind of Crime-as-a-Service (CaaS) scheme also requires so-called bulletproof hosting firms where hackers can run C&C servers and register malicious domains safe from the prying eyes of law enforcement. "These places provide a safe haven. Two or three different actors in China come to mind, accepting domain registrations which ultimately lead to attack campaigns – it's a real and big black hole in China," said Manky.

“Interestingly, China has done something, albeit it's not that much to begin with. It had an issue with fraudulent registrations so the government acted to tighten registration, but there are still a lot of loopholes in the system – not just in China but everywhere you look.”

The latest CN-CERT statistics reveal that 140 malicious domains, about 34.2 percent located in mainland China, were hosted in such a manner by attackers outside of the country.

FireEye EMEA product manager Jason Steer says that China was number three in the firm's recent report for hosting C&C systems, below the U.S. and South Korea, but agreed with Manky that this in no way signifies that actors inside the country are attacking global targets in huge numbers, so the issue is all over the map.

"Actually, I'd argue something different in fact: cyber attacks coming from within your country indicate that C&C servers are set up in-country to confuse defenders. Attackers are less easy to spot and find with traffic staying in the country first and then being moved on," he said.

“Given the geographic size of China and the size of its PC population, it's an obvious place to attack from – with high speed internet and the same insecure computers running Windows there as they do across the world. As it rolls out high speed internet, clearly it’s a good place to locate systems without questions being asked.”

Just for the record, China's internet population at the end of last year stood at 564 million, around 50 million more than a year before. That's still just a 42 percent penetration rate but it's still a lot of users to target nevertheless, meaning that China is likely to remain an attractive location for cyber crime gangs located all over the globe.

The security vulnerabilities in China's address space are also being exploited by home-grown attackers, as a report on China’s Online Underground Economy released last August reveals.

The report demonstrated that almost 23.5 percent of the country's internet users and 1.1 million web sites were affected in 2011, at a cost of over 5 billion Chinese yuan.

Trend Micro vice president of internet security Tom Kellermann says that there are over 90,000 members of the Chinese shadow economy. “Over the past two years, there has been an explosive growth in criminal hacking activity within China targeting Chinese corporations,” he added.

China’s challenge is to promote greater levels of information security awareness among its vast population, especially as more and more internet users come online for the first time, and tighten up the loopholes which have allowed bulletproof hosters to flourish in the first place.

Such steps will make it less attractive for criminals, reducing the number of attacks launched by operators outside the country using compromised Chinese IP addresses and curbing its domestic cyber crime problem at the same time.

On balance, it's rather difficult to feel much sympathy with Beijing given the apparent volume and persistence of state-sanctioned internet attacks originating from within the country. But it's also worth remembering that activities of this kind are being carried out to a lesser or greater extent by all major global powers, so China isn't the only player here, even if it remains a major one.

In a September 2012 report, Trend Micro’s Kellermann even concluded that “hackers from the former Soviet bloc are a more sophisticated and clandestine threat than its counterparts in China”.

The issue in China is that it’s currently the noisiest out there. Perhaps if it wants the damaging headlines to go away it needs to get its own house in order and get caught less frequently.

In other internet security news

Cody Kretsinger, a 25-year-old man from Decatur, Illinois, and a former LulzSec hacker, has been sent to federal prison for a year for hacking into Sony Pictures' servers.

Kretsinger was better known to his fellow LulzSec buddies as "Recursion" and was also ordered to carry out 1,000 hours of community service, and a year of home detention, following his release from prison.

He was sentenced by a Los Angeles court yesterday. Kretsinger had pleaded guilty to a single count of conspiracy and unauthorized impairment of servers in a plea-bargaining agreement.

Kretsinger admitted breaking into the Sony Pictures website and extracting information which he passed on to other members of LulzSec, who leaked the data in order to embarrass Sony, a hated enemy of the hacktivist group.

Sony claimed that the hack left it $600,000 out of pocket. Kretsinger was ordered to somehow repay this amount in restitution to Sony, the LA Times adds.

Earlier this month, a 26-year-old British man also pleaded guilty to computer hacking as part of LulzSec, a splinter group of mischief-makers from the larger Anonymous collective.

Ryan Ackroyd, from South Yorkshire, admitted taking part in attacks against numerous high-profile targets including Nintendo, News International, 20th Century Fox, Sony Group and the NHS. Ackroyd adopted the online persona of a 16-year-old girl named Kayla during much of his malfeasance.

Ackroyd and other convicted LulzSec suspects like Jake Davis, 20, from the Shetland Islands, Scotland, 18-year-old Mustafa Al-Bassam from Peckham, south London and Ryan Cleary, 21, from Wickford, Essex are all due to be sentenced on May 14.

Erstwhile LulzSec leader Hector Monsegur, aka Sabu, was revealed in March 2012 as an FBI informer who had been grassing on his former cohorts for ten months after his arrest in June 2011. Sabu's sentencing was delayed by six months in February due to his "ongoing cooperation with the government".

In other internet security news

Internet security researchers say they have discovered a whole list of new malware that targets the QUIK stock-trading application used by some banks and financial institutions.

The malware has been used in a series of attacks since November 2012, according to Russian security firm Group-IB. Cyber criminals have traditionally targeted private and corporate banking accounts, using malware such as variants of the ZeuS cybercrime toolkit to log keystrokes and extract account information from investors and traders.

This isn't new: online stock trading and brokerage systems have been attacked many times in the past, but those attacks succeeded through fake profiles and social engineering scams.

Recently however, trading fraudsters have diversified tactics and begun to use malware, in an effort to defraud the public and steal money.

In particular, professional black hat coders have designed a new strain of malware targeting specialized trading software called QUIK (Quik Broker, Quik Dealer) from Russian software developer ARQA Technologies and FOCUS I-Vonline from New York-based EGAR Technology.

Such software is used by many banks in the Russian Federation including Sberbank, Alfa-Bank and Promsvyazbank.

Both of the applications are used for trading on MICEX, a leading Russian stock exchange. MICEX offers services including placing and trading stocks, listing securities, and even the facility to set up initial public offerings (IPOs) or company flotations.

Exchange clients trade in stocks and shares issued by the likes of Gazprom, VTB Bank, RusHydro, Mobile TeleSystems, and a few others.

Andrey Komarov of Group-IB says that the online trading malware was a variation of the Ranbyus spyware normally used to infect Windows computers and target online banking customers.

"It has quite similar functions to Zeus, as it uses a VNC spawning module which helps the hacker to be connected to the infected computer absolutely remotely and to do his fraud in silence, that's why it won't be detected by anti-fraud filters, as the theft will happen from the same IP address," Komarov explained.

Worse, another Trojan identified as Broker-J also targets QUIK but uses other techniques instead, stealing encryption keys from the QUIK key storage and transferring them to cybercriminals, who again operate from the same IP address to avoid detection.

"The end customer should use standard methods of antivirus defense if he or she runs financial software on a personal computer which is connected to public networks," said Vladimir Kurlyandchik, head of business development at ARQA Technologies.

"People should use efficient internet security appliances and antivirus software, and also make use of firewalls. It is our standard recommendation," he added.

"In case of any suspicions of unauthorized access to an account the end user should immediately initiate the procedure of changing access keys, along with new user IDs and secure passwords," he added.


Source: The Financial Times.
